Disclaimer

The content of this blog is my personal opinion only. Although I am an employee - currently of MIPS Technologies, in the past of other companies such as Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.

See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.

Tuesday, March 25, 2014

Batch saving files in FrameMaker 11

I just wrote a Framemaker ExtendScript (Javascript dialect) to save all files in a Framemaker book as MIF.



Specifically, MIF7 in my case (hardwired, needs to be configurable).



Needed it because I use Frame 10-11-12, whereas the techwriter who cleans up my English uses Frame 7.   Frame 7 doesn't run on my PC, at least not reliably, whereas her Windows XP PC cannot run a modern FrameMaker.   And the company runs FrameMaker 7 on an old Sun box that is more than 100x slower than a modern PC for many common actions.



So we are stuck converting files between Framemaker binary .f, format and MIF7.



Doing this by hand for 315 files in just one of our architecture specs is a real pain.  I felt a weight lift off my chest when I ran this for the first time.



--



The script only saves .fm files in the .book.  It does not (yet) find all text inset files.



--



Next on the wishlist: batchify this fm2mif and mif2fm, so that Makefiles, etc., can use it.



I do not know how to invoke FrameMaker on a PC with useful command line arguments specifying, e.g. file or book, and command to run.



Can fake things by changing setup files.  That's fragile.



Perhaps can have ExtendScript parse a text file, and evaluate that.  Risky.


Wednesday, March 05, 2014

Byzantine Password Managers

Password managers like LastPass (https://lastpass.com/) - convenient. But risky. ISO a Byzantine password management system. No single password manager storing the actual passwords. Instead, if Byzantine-3, then any 2 have enough information to obtain stored passwords in plaintext - but no single password manager does. Probably requires a Javascript client that accesses each of the Byzantine set, and combines their responses. What does this protect against? => Having one (or a few) of the Byzantine set hacked. But not having a quorum hacked. => The bad guys hacked a sub-quorum do not have the ability to log in. => The bad guys cannot DOS you by giving you bogus data. What does it not protect against? X=> doesn't protect against the most likely security flaw: having the user computer, e.g. web browser, hacked. Wait... about that... ?=> Two+ factor. Clients running on two or more devices, e.g. PC and cell phone. No client knows the actual password? Unfortunately, this would require the folks who require passwords to get involved. Beyond 2 factor. "Dynamic two factor"? (But I guess this is what the security amulet idea is all about.)

goto fail - goto not the problem, lack of else was

ImperialViolet - Apple's SSL/TLS bug:

'via Blog this'
Apple's "goto fail" bug is notorious. Much discussion about how proper unit testing would have found it. Let alone code reviews. (I hope this bug is going into the pattern database for lint-like tools.)

While goto-less programming might have avoided the problem, I think it would have done so at the cost of readability.

I think it is more interesting that the problem might have been avoided if ELSE had been used.  The code in question is really a cascaded set of IFs, where each is only done if all earlier have succeeded - but it is expressed as independent statements.

The buggy code:

static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
{
 OSStatus        err;
 ...

 if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
  goto fail;
 if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
  goto fail;
  goto fail;
 if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
  goto fail;
  ...

fail:
 SSLFreeBuffer(&signedHashes);
 SSLFreeBuffer(&hashCtx);
 return err;
}
Rewritten so that the relationship between the cascaded IFs is visible and automatically checked. Minor liberty in capitalizing the ELSEs.
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) 
  goto fail;
ELSE if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
  goto fail;
  goto fail;
ELSE if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
  goto fail;
  ...
ELSE
  ...
  return 0;
Plus, I am sure that somebody has pointed out that an assert would also have caught the error.
fail:
  assert(err != 0 );
  SSLFreeBuffer(&signedHashes);
  SSLFreeBuffer(&hashCtx);
  return err;

Wednesday, September 18, 2013

Email flow with rules and labels

Email arrives.

A rule determines that it is low priority.  So I want it to be labelled Inbox/Low_Priority.

I.e. I do NOT want to see it in my normal Inbox.  Aka my priority Inbox.

But I *do* want to see it as a subfolder of my Inbox.   So, here is an example of a case where I do not want the browseable interface to the label graph to show all items with label - where the fact that it has a sublabel (of a particular type) implying that it should not be shown as the default query for Inbox.  But of course I might want to be able to see all items tagged Inbox, ewven though sublabels imply hiding.

Possibility: steal an idea from Bazaar DVCS:  Inbox/* => all items with label Inbox, but not with "masking" sublabels.   Whereas Inbox/** => all labels tagged Inbox, even with masking sublabels.

Inbox|Some_Other_Label - independent, not really path oriented
Inbox/NonMaskingSubLabel
Inbox//MaskingSubLabel

I probably won't get around to processing such Inbox/LowPriority emails very often.  But when I do, and I handle them, I probably want to change the label from Inbox/LowPriority to straight LowPriority.

I.e. LowPriority is not just a sublabel.  It is actually an independent label. But the instance on a particular item may indicate the masking sublabel relationship to Inbox.

If something gets tagged Inbox/SubLabel initially, and then just becomes SubLabel, and then is moved back to Inbox, should it go back to being Inbox/Subel?  Or should it be Inbox|SubLabel?

If Inbox/SubLabel -> SubLabel -> Inbox/SubLabe, should this be

a) because it was originally Inbox/SubLabel - i.e. based on history of the labelling?

or

b) because SubLabel is marked as being in a possibly subservient relationship to Inbox?


Inbox is a special case.

Monday, September 16, 2013

The next big form factor

Glasses, maybe contact lens - maybe.
Although I would bet on something related to ubiquitous flat panel displays happening first. Easier. Here now.
But more important - the above are output devices. I think what we really need is ubiquitous input. Talking to yourself at the refrigerator: I need milk and blueberries.
What would this look like?

Partially explicit sorting

A pattern I run into a lot: partially explicit sorting.

E.g. a regular linear sort - alphabetical, breadth or depth first, etc. - is okay for the "leftovers", but I have an explicit priority ordering of things I want to see at the head of the list.

More advanced, what I did for automatically deducing a print order in the Cp/PL wikified manual / specifications:


  • Create a manual table of contents
  • Attach unlinked items to where first linked to, alphabetically ordered.  
Have also played around with topological sorting, modified by the desored explicit ordering.


ISO: nice Perl / foobar language iioms to do this common pattern.


Easier to process less important stuff

Ever notice that it is easier to process less important stuff than more important stuff.

Email especially - but I have noticed the same thing with classification jobs, such as classifiying and rating patents.

Email especially - sort the email by sender, by subject, etc.   If I had the ability to cluster by keywords.

"Sorting, not searching".

On this trip I have been able to empty literally thousands of emails from my account.  But the last hundred are non-uniform, and are more of a hassle to handle.

For these last, I need an efficient manual scan - buttons for archiving, action required, deferred, etc.  The GTD stuff, maybe a few more.

Unfortunately, I don't have such a simple email scanner.